- restructure includes

- new participo functions: isAdmin, hasUserAttribute

homepage/participo/lib/participoLib/participo.php

@@ -1,4 +1,5 @@
 <?php
+// require_once("spyc/Spyc.php");
 
 class participo{
 	private static $db = null;
@@ -62,14 +63,17 @@ class participo{
 			return false;
 		}
 
-		// query all users with the entered name
+		// query *all* users with the entered name
+		// @todo check for e.g., len(user)=1
+		// @todo getUser?
 		$user = dbConnector::query(
 			"SELECT `id`, `loginName`, `pwHash`, `config` FROM `wkParticipo_Users` WHERE `loginName` = :loginName",
 			['loginName' => ['value'=>$loginName, 'data_type'=>PDO::PARAM_STR]]
 		);
+		$user = $user[0];
 
 		// If there is no such user OR the password isn't valid the login fails
-		if( empty($user || !password_verify( $password, $user['pwHash']) )){
+		if( empty($user) || !password_verify( $password, $user['pwHash'])){
 			sleep(5); // discourage brute force attacks
 			self::addMessage('error', "<div>Falsches Passwort oder LoginName</div>");
 			return false;
@@ -80,9 +84,9 @@ class participo{
 		$_SESSION = array(
 			'login' => true,
 			'user'  => array(
-				'username'  => $row['loginName'],
-				'userId' => $row['id'],
-				'userConfig' => json_decode($row['config'], true)
+				'username'  => $user['loginName'],
+				'userId' => $user['id'],
+				'userConfig' => json_decode($user['config'], true)
 			)
 		);
 
@@ -92,6 +96,44 @@ class participo{
 		self::addMessage('success', "<div>Anmeldung erfolgreich</div>");
 		return true;
 	}
+
+	/**
+	 * Checks, if a user is an admin
+	 *
+	 * @param [type] $userId id of the user to check
+	 * @retval true user with id $userId has attribute "isAdmin"
+	 * @retval false otherwise
+	 */
+	static function isUserAdmin($userId){
+		return self::hasUserAttribute( $userId, "isAdmin");
+	}
+	
+	/**
+	 * Checks, if a user as a certain attribute
+	 *
+	 * @param [type] $userId id of the user to check
+	 * @param [type] $attributeName string name of the attribute to check
+	 * @return boolean
+	 */
+	static public function hasUserAttribute($userId, $attributeName){
+		// sqlQuery: Select the user if it has the given attribute
+		$query = <<<SQL
+SELECT `wkParticipo_user<=>userAttributes`.userId, `wkParticipo_userAttributes`.name 
+FROM `wkParticipo_user<=>userAttributes` LEFT JOIN `wkParticipo_userAttributes` 
+ON `wkParticipo_user<=>userAttributes`.`attributeId` = `wkParticipo_userAttributes`.`id` 
+WHERE `wkParticipo_userAttributes`.name = :attributeName AND userId=:userId;
+SQL;
+		$params = array(
+			':userId'        => array('value'=>$userId,        'data_type'=>PDO::PARAM_INT), 
+			':attributeName' => array('value'=>$attributeName, 'data_type'=>PDO::PARAM_STR) 
+		);
+		$attributedUsers = dbConnector::query($query, $params);
+		// Since the id should be unique, there should only be one result this is just for dealing with empty arrays
+		foreach($attributedUsers as $u)
+			if($u['userId']==$userId)
+				return true;
+	return false;
+	}
 }
 
 /**
@@ -310,6 +352,9 @@ function loadMarkdownFile($fileName){
 function logLoginsToJsonFile($userName, $fileName="lastLogins.json"){
 	try{
 		$lastLogins = json_decode(file_get_contents($fileName), true);
+		if ($lastLogins == NULL){
+			return;
+		}
 		if(!array_key_exists($userName, $lastLogins))
 			$lastLogins[$userName] = [];
 		if(!array_key_exists('lastLogins', $lastLogins[$userName]))
@@ -340,7 +385,7 @@ class dbConnector{
 	///  ':userId'     => array('value'=>$anUserId,      'data_type'=>PDO::PARAM_INT), 
 	///  ':attributeId'=> array('value'=>$anAttributeId, 'data_type'=>PDO::PARAM_INT) )
 	/// @param $someOption
-	function query($aQueryString, $aBindArray = array(), $someOptions = array()){
+	public static function query($aQueryString, $aBindArray = array(), $someOptions = array()){
 		// Standardbelegungen
 		if( empty($someOptions['dbCharset' ]) ) $someOptions['dbCharset' ] = "ISO-8859-1";
 		if( empty($someOptions['outCharset']) ) $someOptions['outCharset'] = "UTF-8";